Sem Voigtländer

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings (affected versions not specified) Description: A vulnerability in Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The issue is due to improper checks on parameter values in affected pages. An attacker could exploit this by persuading a user to follow a crafted link designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page, redirecting the user to potentially malicious websites, or conduct further client-side attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 6 iOS versions prior to 13 tvOS versions prior to 13 **Description** A memory corruption issue was addressed with improved memory handling, which may allow an application to execute arbitrary code with kernel privileges. **Recommendations** For watchOS versions prior to 6, update to watchOS 6 to resolve the issue. For iOS versions prior to 13, update to iOS 13 to resolve the issue. For tvOS versions prior to 13, update to tvOS 13 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Shortcuts versions prior to 2.1.3 **Description** A parsing issue in the handling of directory paths was addressed with improved path validation. This could allow a local user to view sensitive user information. **Recommendations** For versions prior to 2.1.3, update to version 2.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 **Description** The issue involves the Notifications component and allows attackers to cause a denial of service via a crafted app. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue.